Autore Topic: Dumb - A Faster And Flexible Domain Bruteforcer  (Letto 195 volte)

0 Utenti e 1 Visitatore stanno visualizzando questo topic.

Offline Ruggero Respigo

  • Global Moderator
  • Newbie
  • *****
  • Post: 0
  • Karma: 2
  • Ruggero Respigo - Milano
    • Mostra profilo
    • Ruggero Resppigo - Dottore Commercialista a Milano
    • E-mail
Dumb - A Faster And Flexible Domain Bruteforcer
« Risposta #1 il: Marzo 16, 2018, 01:04:23 pm »
Advertisement
Dumb - A Faster And Flexible Domain Bruteforcer


A tool to bruteforce "dumains"!

How DUMB works:
Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want as long as you pass the according wordlists. For example:

Bruteforcing subdumains:
Using the mask DUMB.dumain.com and the following wordlists:
www
ftp
backoffice
Dumb will generate the following dumains for bruteforce:
www.dumain.com
ftp.dumain.com
backoffice.dumain.com
For subdumains, you can only pass dumain.com and dumb will understand as DUMB.dumain.com.

Bruteforcing domain endings:
Using the same principle, you can pass as mask dumain.DUMB with the following wordlist:
com
net
org
Dumb will generate the following dumains for bruteforce:
dumain.com
dumain.net
dumain.org

Bruteforcing everything:
To bruteforce everything you can pass the mask as "DUMB.DUMB.DUMB" passing three wordlists:
wordlist1   wordlist2   wordlist3
www         foo         com
ftp         bar         net
Dumb will generate:
www.foo.com
ftp.foo.com
www.bar.com
ftp.bar.com
www.foo.net
ftp.foo.net
www.bar.net
ftp.bar.net

Usage:
Dumb receives the dumain mask as first parameter and the wordlists following. The number of wordlists must match the number of masks in the dumain. For example:
  • One mask:
     
    $ dumb "DUMB.dumain.com" wordlists/foo.txt
  • Two masks:
     
    $ dumb "DUMB.dumain.DUMB" wordlists/foo.txt wordlists/bar.txt
  • Several masks:
     
    $ dumb "DUMB-DUMB-DUMB_DUMB.DUMB.DUMB" wordlists/foo_1.txt ... wordlists/foo_6.txt

Docker:
If you don't want to build from source, you can use the docker version:
  • docker run -it giovanifss/dumb "DUMB.dumain.com" subdomains.txt
All the wordlists in wordlists/ are inside the docker container in filesystem root /, this means that you can call dumb passing the wordlists name:
  • docker run -it giovanifss/dumb "DUMB.dumain.com" (subdomains.txt|subdominios.txt|domain-endings.txt)
To work with local wordlists that aren't present inside the container, you can use docker volumes:
docker run -v local/wordlist.txt:/opt/wordlist.txt -it giovanifss/dumb "DUMB.dumain.com" /opt/wordlist.txt


Building from source:
If you want to build from source you will need stack:
  • Enter in the project directory and run $ stack build.
  • To execute:
    $ stack exec dumb "DUMB.dumain.com" wordlists/subdomains.txt
Note that some older versions of stack have some problems to build the project (Debian stack package, for example). Make sure you get the latest stack version.

Future features:
Future planned features are:
  • Argument parser support, for better configuration of the tool execution;
  • Post analysis of found dumains, generating statistics and metrics;

Performance:
The tool performance will highly depend on your network connection. Usually, it should take less then 10 seconds to finish a subdumain burteforce with the wordlists/subdomains.txt wordlist.
If you have a good connection and think that the tool is slow, try changing the 1000 in the splitDomains function call, e.g. mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains), to a higher value.
Alternatively, you can change mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains) to MP.mapM_ (resolve rs) allDomains to execute all the requests in parallel.



Source: Dumb - A Faster And Flexible Domain Bruteforcer


Ruggero Respigo , dottore commercialista a Milano, svolge dal 1979 l’attività di  Libero Professionista e Consulente aziendale per le maggiori aziende italiane ed estere. https://www.ruggerorespigo.it

 

Related Topics

  Oggetto / Aperto da Risposte Ultimo post
0 Risposte
256 Visite
Ultimo post Giugno 12, 2018, 01:12:12 am
da Flavio58
0 Risposte
136 Visite
Ultimo post Giugno 25, 2018, 12:09:44 am
da Flavio58
0 Risposte
87 Visite
Ultimo post Luglio 28, 2018, 08:09:03 pm
da Flavio58
0 Risposte
117 Visite
Ultimo post Novembre 02, 2018, 08:02:25 pm
da Flavio58
0 Risposte
12 Visite
Ultimo post Ottobre 18, 2019, 08:16:01 pm
da Ruggero Respigo

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326